[Support] Linuxserver.io - Nextcloud


Recommended Posts

2 hours ago, Tharnax said:

Please disregard, after opening the config.php file in a different application I see where I omitted a comma in one of the statements.

The advantage of using something like VS Code to edit config files. As soon as you stuff up the syntax it's really obvious. Now don't get me wrong, mad respect for the vi diehards but I'd rather not waste time on silly errors.

  • Like 1
Link to comment
8 hours ago, cat2devnull said:

The advantage of using something like VS Code to edit config files. As soon as you stuff up the syntax it's really obvious. Now don't get me wrong, mad respect for the vi diehards but I'd rather not waste time on silly errors.

Some people code so much they see the highlighting even when they use vi, like the matrix.

  • Haha 2
Link to comment
8 hours ago, cat2devnull said:

The advantage of using something like VS Code to edit config files. As soon as you stuff up the syntax it's really obvious. Now don't get me wrong, mad respect for the vi diehards but I'd rather not waste time on silly errors.

You are correct, I couldn't see the issue reviewing the code via terminal, however, when I opened it via the Shares (Dynamic File Manager plug-in - although don't quote me that might not be how it worked it might be Unraid OOTB capability), I was able to navigate through Shares to the Nexcloud config folder and open the config.php file where there was a clear red X beside the line with an issue.  Upon further review, I identified it was the line above which was missing the comma at the end.  Such as small difference but that "tool" / capability helped me resolve the issue but highlighting the area of the issue in the code.  If I was to make a recommendation to Spaceinvader One, it would be to utilize this capability in this tutorial videos because then any manual updates a user is making it would be more apparent if they make a minor mistake while following along.  Thanks all for your feedback.

Link to comment

The Update yesterday messed up my configuration and WebUI gives me following error message:


 

Internal Server Error
The server was unable to complete your request.
If this happens again, please send the technical details below to the server administrator.
More details can be found in the server log.

Technical details
Remote Address: xxx.xxx.xxx.xxx
Request ID: PGYCL1eLXBpQyWYQvrTH

 

 

Log:

usermod: no changes
───────────────────────────────────────

      ██╗     ███████╗██╗ ██████╗ 
      ██║     ██╔════╝██║██╔═══██╗
      ██║     ███████╗██║██║   ██║
      ██║     ╚════██║██║██║   ██║
      ███████╗███████║██║╚██████╔╝
      ╚══════╝╚══════╝╚═╝ ╚═════╝ 

   Brought to you by linuxserver.io
───────────────────────────────────────

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID:    99
User GID:    100
───────────────────────────────────────

using keys found in /config/keys
**** The following active confs have different version dates than the samples that are shipped. ****
**** This may be due to user customization or an update to the samples. ****
**** You should compare the following files to the samples in the same folder and update them. ****
**** Use the link at the top of the file to view the changelog. ****
┌────────────┬────────────┬────────────────────────────────────────────────────────────────────────┐
│  old date  │  new date  │ path                                                                   │
├────────────┼────────────┼────────────────────────────────────────────────────────────────────────┤
│ 2022-08-20 │ 2023-03-21 │ /config/nginx/site-confs/default.conf                                  │
└────────────┴────────────┴────────────────────────────────────────────────────────────────────────┘
[custom-init] No custom files found, skipping...
[ls.io-init] done.

 

 

The docker app worked flawlessly before (last checked Saturday April 1st), trying to access the docker webUI now doesn't work anymore.

 

Is there any way to fix this or to revert back to the previous version?

Link to comment

Hey all,

 

So I'm trying to set up Recognize. I'd like to run it without Tensorflow WASM mode as I understand Video tagging is not available with that setting.

 

Under Tensorflow WASM mode, it reads:

 

Could not check whether your machine supports native TensorFlow operation.

 

And with it disabled, under Node.js it reads:

 

Could not load libtensorflow in Node.js. You can try to manually install libtensorflow or run in WASM mode.

 

Under that is the note:

 

If the shipped Node.js binary doesn't work on your system for some reason you can set the path to a custom node.js binary. Currently supported is Node v14.17 and newer v14 releases.

 

I'd also like to run Tensorflow GPU mode, so I'd like to know if GPU passthrough works in the traditional sense with the --runtime=nvidia extra parameters and the NVIDIA_VISIBLE_DEVICES variable set.

 

Thanks in advance!

Edited by Avsynthe
  • Upvote 2
Link to comment

@Толете Thanks for your help with Security headers on Cloudflare . A+ is on all my domains in https://securityheaders.com/

Just wanted to ask about ' upgrade-insecure-requests ' is it safe to use only this header ?

after searched and tryed some header found very difficult to get right headers and not block some stuff in nextcloud and other domains ,also found tool CSP Generator for chrome but still trying :(...

 

Also not really found what the  (interest-cohort=()) mean ?

Link to comment

Hi All,

Can anyone please help with updating the nextcloud version

Tried everything, UI, CLI, deteling the updater-xxxxx folder, etc.

Nothing helped, nextcloud UI returns: "Update in process"

Updater returns: "Step 6 is currently in process. Please reload this page later."

Error:

[ ] Extracting ...PHP Warning:  require(/config/www/nextcloud/updater/../version.php): Failed to open stream: No such file or directory in phar:///config/www/nextcloud/updater/updater.phar/lib/Updater.php on line 676
PHP Fatal error:  Uncaught Error: Failed opening required '/config/www/nextcloud/updater/../version.php' (include_path='.:/usr/share/php81') in phar:///config/www/nextcloud/updater/updater.phar/lib/Updater.php:676
Stack trace:
#0 phar:///config/www/nextcloud/updater/updater.phar/lib/Updater.php(713): NC\Updater\Updater->getVersionByVersionFile()
#1 phar:///config/www/nextcloud/updater/updater.phar/lib/UpdateCommand.php(372): NC\Updater\Updater->extractDownload()
#2 phar:///config/www/nextcloud/updater/updater.phar/lib/UpdateCommand.php(233): NC\Updater\UpdateCommand->executeStep()
#3 phar:///config/www/nextcloud/updater/updater.phar/vendor/symfony/console/Command/Command.php(256): NC\Updater\UpdateCommand->execute()
#4 phar:///config/www/nextcloud/updater/updater.phar/vendor/symfony/console/Application.php(820): Symfony\Component\Console\Command\Command->run()
#5 phar:///config/www/nextcloud/updater/updater.phar/vendor/symfony/console/Application.php(187): Symfony\Component\Console\Application->doRunCommand()
#6 phar:///config/www/nextcloud/updater/updater.phar/vendor/symfony/console/Application.php(118): Symfony\Component\Console\Application->doRun()
#7 phar:///config/www/nextcloud/updater/updater.phar/updater.php(10): Symfony\Component\Console\Application->run()
#8 /config/www/nextcloud/updater/updater.phar(14): require('...')
#9 {main}
  thrown in phar:///config/www/nextcloud/updater/updater.phar/lib/Updater.php on line 676

nextcloud update fail.png

Link to comment

I just recently updated the Nextcloud, Maria, and Swag containers on my 6.11.5 unRaid server.

Everything seemed to go OK.

I noticed today that when I tried to sync my iPhone, I got a "503 server temporarily unavailable".

After looking around at logs and such, it seemed to correct itself and now files are syncing.

 

Should I be concerned? Any ideas why I got this 503 error? Maybe a drive was spun down or something?

Link to comment
On 4/7/2023 at 1:04 PM, Masterwishx said:

@Толете Thanks for your help with Security headers on Cloudflare . A+ is on all my domains in https://securityheaders.com/

Just wanted to ask about ' upgrade-insecure-requests ' is it safe to use only this header ?

after searched and tryed some header found very difficult to get right headers and not block some stuff in nextcloud and other domains ,also found tool CSP Generator for chrome but still trying :(...

 

Also not really found what the  (interest-cohort=()) mean ?

 

The 'upgrade-insecure-requests' header instructs the browser to automatically upgrade HTTP requests to HTTPS. This is a useful security measure to protect against man-in-the-middle (MITM) attacks and mixed content vulnerabilities. However, using this header alone is not enough to provide full Content Security Policy protection for your website.

 

Content Security Policy (CSP) is a security standard designed to mitigate the risk of cross-site scripting (XSS), clickjacking, and other code injection attacks. It is recommended to use a properly configured CSP in addition to the 'upgrade-insecure-requests' header to provide a more comprehensive security posture for your website.

 

Regarding the 'interest-cohort=()' directive, it is a new feature introduced by Google to combat online tracking by preventing websites from accessing a user's unique identifier or "cohort" information. The cohort information is used by Google to group similar users together for interest-based advertising. By adding 'interest-cohort=()' to your CSP, you are telling the browser to disallow the use of this feature, which could help protect user privacy. However, this directive is not yet widely supported by all browsers, and its impact on website functionality is still being studied.

 

On 4/7/2023 at 1:06 PM, Masterwishx said:

 

In .htaccess file:

# Content Security Policy (CSP)
Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; connect-src 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self';"

 

In default.conf file:

# Content Security Policy (CSP)
add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; connect-src 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self';" always;

 

in cloudflare, modify the values for 'Content-Security-Policy' with:

default-src 'none'; frame-ancestors 'none'; connect-src 'self'; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self';

 

CPS.thumb.png.10f5418cf88764d998dbf5f3783f3560.png

 

It is possible that this can break some of your subdomains ,those subdomain websites are using external resources (such as scripts, stylesheets, or images) that are not hosted on your domain. In this case, you may need to add additional directives to your CSP to allow those external resources.

 

To debug this issue, you can use the browser console to see which resources are being blocked by the CSP, and adjust the CSP directives accordingly. You can also use a CSP reporting tool (such as the one provided by Google) to get more detailed reports on CSP violations.

 

In general, it is important to be careful when implementing CSP, as it can have unintended consequences if not done properly. It is recommended to start with a more permissive policy (such as "default-src 'self'") and gradually tighten it as needed, while monitoring for any issues.

 

i would recommend just going with "upgrade-insecure-requests" to keep it from breaking other sites/apps you maybe running.

 

 

Edited by Tolete
  • Thanks 1
Link to comment
On 3/21/2023 at 12:30 PM, Tolete said:

 after upgrading to NC 26.0.0


Administration settings > Overview

error-

The "X-Robots-Tag" HTTP header is not set to "noindex, nofollow". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.

 

The Fix:
update [line 54] on your default.conf file

appdata > nextcloud > nginx > site-confs > default.conf

from

add_header X-Robots-Tag "none" always;

to

add_header X-Robots-Tag "noindex, nofollow" always;

 

Restart container.

Still getting this warning even though i updated default.conf and .htacces and restarting container on 25.0.5

Here's default.conf

  # The settings allows you to optimize the HTTP2 bandwitdth.
    # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
    # for tunning hints
    client_body_buffer_size 512k;

    # HTTP response headers borrowed from Nextcloud `.htaccess`
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "noindex, nofollow" always;
    add_header X-XSS-Protection                     "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

 

here's .htaccess

  <IfModule mod_env.c>
    # Add security and privacy related headers

    # Avoid doubled headers by unsetting headers in "onsuccess" table,
    # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
    Header onsuccess unset Referrer-Policy
    Header always set Referrer-Policy "no-referrer"

    Header onsuccess unset X-Content-Type-Options
    Header always set X-Content-Type-Options "nosniff"

    Header onsuccess unset X-Frame-Options
    Header always set X-Frame-Options "SAMEORIGIN"

    Header onsuccess unset X-Permitted-Cross-Domain-Policies
    Header always set X-Permitted-Cross-Domain-Policies "none"

    Header onsuccess unset X-Robots-Tag
    Header always set X-Robots-Tag "noindex, nofollow"

    Header onsuccess unset X-XSS-Protection
    Header always set X-XSS-Protection "1; mode=block"

    SetEnv modHeadersAvailable true
  </IfModule>

 

Edited by ffhelllskjdje
  • Thanks 1
Link to comment
13 hours ago, Tolete said:

i would recommend just going with "upgrade-insecure-requests" to keep it from breaking other sites/apps you maybe running.

 

Thanks for explaining, I used chrome extension to generate CSP for nextcloud with 'self' and all other parameters but only in cloudflare not in nextcloud nginx. So breaked some stuff. Of course used console for check it. Also using Matomo + Cloudflare app matomo for Analytics so it's a little harder for setup becose external js. So leaved "upgrade-insecure-requests" for now but will check you example and will check it again. 

  • Like 1
Link to comment

Hello,

 

I have problems with updating nextcloud. Im trying to manual upgrade using occ.

 

I get this message and i don't know how to change the permissions. I was trying to figure it out from some of the posts above but I don't understand how i should change it.

 

My Repository is linuxserver/nextcloud

 

Im getting this error:

 

docker exec -it nextcloud occ upgrade
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Cannot write into "config" directory.
This can usually be fixed by giving the web server write access to the config directory. See https://docs.nextcloud.com/server/26/go.php?to=admin-dir_permissions. Or, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it. See https://docs.nextcloud.com/server/26/go.php?to=admin-config

Cannot write into "apps" directory.
This can usually be fixed by giving the web server write access to the apps directory or disabling the App Store in the config file.

An unhandled exception has been thrown:
Exception: Environment not properly prepared. in /config/www/nextcloud/lib/private/Console/Application.php:167
Stack trace:
#0 /config/www/nextcloud/console.php(99): OC\Console\Application->loadCommands()
#1 /config/www/nextcloud/occ(11): require_once('...')

 

 

 

Link to comment
3 hours ago, squarebob said:

@gevsan
It is probably an issue with file owner. In you nextcloud appdata folder you can check it by doing:

ls -la

it should say "nobody users" as owner. If it dosnt, you can run:
 

chown nobody:users -R *

then re-run the update command

I will try this.

 

Just a noobish question.. I assume you mean to do this through the terminal?

How do i cd into the directory?

Link to comment
10 hours ago, squarebob said:

You could use the terminal in web gui (from the row on the top right in gui), then

cd /mnt/user/appdata/nextcloud/

 

Thanks!

 

I tried 

ls -la

and I had no owner.

 

So i typed

chown nobody:users -R *

 and it still doesn't give me owner.

 

Below is the output after I typed "chown nobody:users -R *"

 

root@Tower:/mnt/user/appdata/nextcloud# ls -la
total 145856
drwxrwxrwx 1 nobody users       192 Apr 12 09:34 ./
drwxrwxrwx 1  65534 users       606 Mar 29 10:56 ../
drwxrwxrwx 1 nobody users        20 Jan 24  2022 .cache/
-rw-r--r-- 1 nobody users        28 Oct 19 17:01 .migrations
-rw------- 1 nobody users      1024 Apr 10 19:39 .rnd
drwxrwxrwx 1 nobody users         8 Apr 13 07:54 crontabs/
drwxr-xr-x 1 nobody users         0 Feb 27 12:51 custom-cont-init.d/
drwxr-xr-x 1 nobody users         0 Feb 27 12:51 custom-services.d/
drwxrwxrwx 1 nobody users        32 Jan 24  2022 keys/
-rw-r--r-- 1 nobody users 149346219 Apr 12 09:34 latest.tar.bz2
drwxrwxrwx 1 nobody users        48 Apr 13 02:00 log/
drwxrwxrwx 1 nobody users       212 Apr 13 07:54 nginx/
drwxrwxrwx 1 nobody users        44 Jan 24  2022 php/
drwxrwxrwx 1 nobody users        70 Apr 13 07:52 www/

Link to comment
1 hour ago, squarebob said:

Your output looks correct now. Did you try and run the update again?

Yes I did.

 

I get this message:

 

root@Tower:~# docker exec -it nextcloud occ upgrade
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
Cannot write into "config" directory.
This can usually be fixed by giving the web server write access to the config directory. See https://docs.nextcloud.com/server/26/go.php?to=admin-dir_permissions. Or, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it. See https://docs.nextcloud.com/server/26/go.php?to=admin-config

Cannot write into "apps" directory.
This can usually be fixed by giving the web server write access to the apps directory or disabling the App Store in the config file.

An unhandled exception has been thrown:
Exception: Environment not properly prepared. in /config/www/nextcloud/lib/private/Console/Application.php:167
Stack trace:
#0 /config/www/nextcloud/console.php(99): OC\Console\Application->loadCommands()
#1 /config/www/nextcloud/occ(11): require_once('...')
#2 {main}root@Tower:~# 

Link to comment
6 hours ago, Wong said:

Recently just updated my Nextcloud docker to 26.0.0 Can anyone guide me on how to solve the security red warning here?

 

Since Nextcloud 26, the default nginx config has changed.
Open the NextCloud docker terminal and edit the file /config/nginx/site-confs/default.conf

Change the line 

add_header X-Robots-Tag “none” always;

to

add_header X-Robots-Tag “noindex, nofollow” always;

 

Restart and you should be good. You check your Nextcloud headers before and after at: https://headers.4tools.net/

  • Upvote 2
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.